Tag Archives: information governance

August 5, 2025 · 9:57 AM

Why Most eDiscovery Tools and Online Archiving Offerings Are Terrible for Information Governance

By John Patzakis and Chas Meier

Many organizations assume that information governance initiatives—such as data privacy audits, purging ROT (Redundant, Obsolete, or Trivial) data, merger and acquisition-driven data separation, or data breach impact assessments—can be effectively addressed using eDiscovery tools or online archiving platforms. After all, eDiscovery solutions excel at identifying and searching through large volumes of unstructured data in high-stakes, reactive legal scenarios.

However, there is a critical distinction between eDiscovery and information governance workflows that organizations must understand when selecting the right solution. eDiscovery typically involves copying large volumes of data at multiple stages and continually moving that data upstream, eventually into third-party cloud platforms for processing and hosting. In contrast, duplicating and moving massive data sets is often the last thing you want to do in information governance projects, which are typically large-scale, enterprise-wide initiatives.

In fact, here are five major reasons why most eDiscovery tools and online archiving solutions are terrible for information governance. These tools:

  1. Dramatically Increase Risk
    Consider a scenario where an organization suffers a data breach and must assess 100 terabytes of data to identify compromised PII and determine reporting obligations. Most eDiscovery tools require a full copy of this data to be made and uploaded into a third-party environment—doubling the volume of sensitive material and compounding the risk. Instead of helping, this kind of mass data duplication exacerbates the compliance and privacy risks that governance initiatives aim to reduce. In fact, such inefficient data duplication directly conflicts with GDPR principles, which require data minimalization and proportionality.
  2. Are Exorbitantly Expensive
    Information governance is not a small, tactical effort—it is a broad, enterprise-wide initiative. At X1, we rarely see governance projects involving less than 50 terabytes of data. Using traditional eDiscovery pricing models, even with volume-based discounts, these projects can quickly rack up tens of millions of dollars in costs due to unnecessary processing, storage, and hosting workflows designed for litigation—not governance.
  3. Can’t Meet Time Constraints
    Copying, transferring, uploading, and indexing 100 terabytes of data into a third-party cloud platform can easily take six months or more, even in an ideal scenario. That timeline is incompatible with the urgent nature of most information governance use cases, such as data breach impact assessments or M&A-related audits. Worse yet, by the time the data has been copied and indexed, it will likely already be stale—undermining the integrity of the project from the outset.
  4. Create Remediation Roadblocks
    Suppose you incur the costs and risk to copy and upload a full data set in an external review platform and successfully identify sensitive or outdated data for remediation. Now what? You are merely working with copies of the data. The originals remain distributed across Microsoft 365, file servers, laptops, and other locations. Trying to trace back and manually remediate live data sources is costly, disruptive, and error-prone—defeating the very efficiency goals of the governance project.
  5. Do not Support Microsoft 365 Effectively
    Many so-called “governance” tools are simply rebranded email archiving systems that rely on bulk copying data out of Microsoft 365. Not only is this approach expensive and inefficient, but it also creates serious technical and compliance risks. Microsoft 365 does not support mass data exports at scale without significant friction, and errors are common—as illustrated in FTC v. Match Group, No. 3:19-CV-2281-K, 2025 WL 46024 (N.D. Tex. Jan. 7, 2025). In that case, Microsoft Purview exports into an archival system failed, resulting in court-imposed discovery sanctions. If a solution does not support index-in-place capabilities—allowing analysis directly upon the native data—it is simply not viable for modern information governance needs.

A Different Approach is Required
Information governance requires agility, precision, and a fundamentally different approach than traditional eDiscovery processes. Organizations must be wary of legacy eDiscovery tools and outdated archiving platforms masquerading as governance solutions.

X1 Enterprise was purpose-built to address the challenges and inefficiencies that plague traditional eDiscovery tools and archiving platforms when applied to information governance. At the core of the X1 Enterprise Platform is its patented micro-indexing architecture, which enables organizations to search, analyze, and act on data in place, without needing to first copy, move, or centralize it.

This index-in-place capability means X1 can connect directly to endpoints, file shares, Microsoft 365, and other enterprise data sources to perform fast, scalable, and highly targeted data sweeps and analysis—without duplicating the data or exposing it to unnecessary risk. Whether you are performing a data privacy audit, a breach impact assessment, or an M&A data separation project, you can run real-time searches across tens of terabytes and thousands of custodians—with results returned in minutes, not months, and the data remediation performed in-place.

By eliminating the need for data movement, X1 avoids the five major pitfalls of legacy tools:
Risk: No mass duplication of data, reducing exposure and aligning with GDPR and other regulatory requirements.
Cost: No massive ingestion or hosting fees—X1 dramatically lowers total project costs by working directly with live data.
Time: Deploy and execute governance initiatives in a fraction of the time required by traditional methods.
Remediation: Act directly on live data—flag it, move it, delete it, or apply tags—in the original source locations.
Microsoft 365 Compatibility: X1 integrates natively with Microsoft 365 and other systems without requiring cumbersome exports or expensive additional licensing and services, enabling robust, reliable governance at enterprise scale. Simply put, we believe X1 provides the best available support for M365 data sources.

In short, X1 Enterprise offers a faster, safer, and far more cost-effective way to execute complex information governance projects—turning what used to be massive, reactive, months-long efforts into streamlined, proactive, and strategic workflows.

Learn more about how X1 Enterprise can streamline your next information governance project. Schedule a demo today at sales@x1.com or visit www.x1.com/solutions/x1-enterprise-platform.

Leave a comment

Filed under Best Practices, CaCPA, Cloud Data, Corporations, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, GDPR, Information Governance, law firm, m365, Preservation & Collection, Records Management

Tagged as , , , , , , , , , , , , , ,

June 17, 2025 · 2:56 PM

X1 Enterprise Is the Gold Standard for Data Separation in M&A Matters

By John Patzakis and Charles Meier

X1 is the Gold Standard in Data Separation

Corporate mergers and acquisitions are complex enough on their own — but when a deal involves the divestiture of an entire business unit or a carve-out of specific departments, the stakes for separating data correctly and efficiently become even higher. Legal and IT teams must identify and surgically separate emails, documents, and other unstructured electronic information to ensure that the right data goes to the acquiring party — and that what must be retained remains secure and compliant with privacy and legal requirements.

This data separation exercise is notorious for being time-consuming, extremely expensive, and highly disruptive. This is because traditional methods require heavy lifting by IT teams and service providers, endless back-and-forth with custodians, and mass data collections that literally double the risk. Worse yet, Microsoft Purview, with its known throttling and low throughput challenges for M 365 data, is not up to the task for data separation matters that invariably involve at least dozens of terabytes. These inefficiencies all lead to severe regulatory risks, runaway costs, and critical delays.

There is, however, a far better way — X1 Enterprise. Several major corporations have recently employed X1 Enterprise in high-stakes data separation matters. Once completed, the comments from our customers are the same: There was no other way they could have done it without spending millions of dollars on time-consuming and disruptive services.

Data Separation Is Not Just Another eDiscovery Project

Unlike standard eDiscovery, a divestiture-driven data separation project must carve out large volumes of live, operational data while the business continues to run. Legacy tools and processes require copying and moving the entire subject data set to a separate repository for indexing and searching — adding huge costs, time delays, and operational risk.

X1 Enterprise’s game-changing advantage lies in its distributed micro-indexing architecture and true index-in-place capability. This unique approach allows organizations to instantly search, categorize, and separate or otherwise remediate massive volumes of data where it resides — without duplicating and exporting entire data sets to third-party servers for processing.

In practical terms, this means:

Lightning-Fast Search: X1 Enterprise creates lightweight, local micro-indexes on endpoints and servers across the organization. Search results come back in seconds, no matter where the data lives — on laptops, file shares, or cloud repositories such as M365.

Minimal Disruption: Because the data stays in place, there is no need to duplicate or move sensitive content, minimizing the risk of data leakage, avoiding the bottlenecks that come with data copying and migration for centralized processing, and enabling the actual remediation to be infinitely more effective by working on the live data set. How do you execute data separation when you are working off a stale copy of the data for the categorization effort? The short answer: Up to millions of dollars in manual services to go back to the “original data” and manually separate the data for each employee and their respective data sources.

Scalability and Control: Whether the divestiture involves hundreds or thousands of custodians across geographies, X1 Enterprise scales seamlessly while giving legal and IT teams centralized control and real-time oversight.

Defensible Process: Legal teams can generate audit trails, reports, and logs to demonstrate a precise and defensible chain of custody, which is critical for regulatory and contractual compliance.

The Bottom Line: Much Faster, with Dramatically less Cost and Risk.

When time is money — and delays can put entire deals at risk — organizations cannot afford cumbersome, legacy eDiscovery workflows for carve-out data separation projects. X1 Enterprise’s innovative architecture empowers legal, compliance, and IT teams to execute precise data separations faster, with dramatically lower cost and business impact.

For any organization facing a merger, acquisition, or divestiture, X1 Enterprise is not just an upgrade — it is the modern standard for high-stakes data separation and governance.

Learn more about how X1 Enterprise can streamline your next M&A project. Schedule a demo today at sales@x1.com or visit  www.x1.com/solutions/x1-enterprise-platform.

Leave a comment

Filed under Best Practices, Case Study, Cloud Data, compliance, Corporations, Data Audit, ECA, eDiscovery & Compliance, Enterprise eDiscovery, ESI, GDPR, Information Access, Information Governance, Information Management, m365, Preservation & Collection, Records Management

Tagged as , , , , , , , , , , ,

February 12, 2025 · 12:22 PM

X1 Enterprise Successfully Passes GDPR-Mandated Data Protection Impact Assessment

By John Patzakis

The European Union (EU) General Data Protection Regulation (GDPR) requires that subject organizations ensure and demonstrate the protection of personal data under their control. GDPR Article 35 mandates that when implementing new data collection technologies or engaging in a major new project involving significant data collection, an organization must perform a Data Protection Impact Assessment (DPIA).

Recently, a Fortune 500 company with global operations successfully implemented X1 Enterprise to address their eDiscovery and information governance requirements throughout the EU region, involving both Microsoft 365 and on-premises data sources. This implementation required the vetting of X1 Enterprise by auditors and the internal Data Protection Officer through an extensive DPIA process, which X1 passed. The effort provides important industry insights into how our Fortune 500 customer leveraged X1’s unique, on-premises index-in-place and targeted search and collection features, as well as other data minimization capabilities, to meet the DPIA requirements.

The EU provides official guidance and a checklist for conducting an Article 35 DPIA. Among the key requirements is the consideration of the “current state of the technology” in the area and that the technology and collection processes have adequate “proportionality measures” in their collection capabilities to “ensure data minimalisation.” If processes and technology engage in overly broad data collection, the guidance suggests considering alternative technologies and methods.

The team at our Fortune 500 customer emphasized the following unique data minimalization capabilities and features of X1 Enterprise in their DPIA:

  1. Index and Search Data In-Place. X1’s proprietary micro indexes enable the searching of data on laptops, file servers and Microsoft in-place so that only the potentially relevant data is collected for eDiscovery and data audits, which fulfills the GDPR’s proportionality requirements. In contrast, tools that require full disc imaging for basic eDiscovery collection are extremely problematic.

    As the court said in In re Ford Motor Company, 345 F.3d 1315: “[E]xamination of a hard drive inevitably results in the production of massive amounts of irrelevant, and perhaps privileged, information…” Even worse, the collected data is then re-duplicated, often multiple times, by the examiner for archival purposes. And then the data is sent downstream for processing, which results in even more data duplication. Load files are created for further transfers, which are also duplicated. Notably, EU guidance for a DPIA analysis requires that organizations consider alternative data collection technologies and methods that have better “proportionality measures” to “ensure data minimalization.”
  2. Blind Searches and User Enabled Review. Using X1 Enterprise, an administrator can run detailed system wide searches and receive a detailed search result report without having access or possession of the target data. Instead, the administrator can direct X1 to first present the search results to the end-user employee to review and apply tags to identify personal, relevant or non-personal data, thereby applying clear and detailed consent to the subsequent collection of any relevant information.
  3. Segmentation of Data Regions vs. Creation of Central Data Lakes. X1 can be deployed behind an organizations’ firewall or their own private cloud instance in the EU. Each custodian/employee is associated with a single micro-index. This allows X1 to target searches to specific EU counties and segments of users. This contrasts to archiving or other eDiscovery tools that require bulk copying and intermingling of all user data to a central location, where additional back-up copies are made, all which directly run afoul of the data minimalization and proportionality requirements of the GDPR.
  4. Delete Data In-Place. GDPR requires the deletion of non-compliant on demand. Purging data on managed archives does not suffice if other copies are on laptops, unmanaged servers and other unstructured sources. X1’s on-premises distributed architecture uniquely enables the systematic deleting of data in place.
  5. Platform to Enforce GDPR and Privacy Policies. In addition to asserting X1 met the requirements and standards under GDPR mandated DPIA, our Fortune 500 customer noted as further justification in their DPIA that they also planned to utilize X1 Enterprise to enforce privacy policies and provisions under the GDPR. X1 Enterprise is an ideal platform to respond to Data Subject Access requests, proactively audit data sources to identify and remediate personal information, as well as systematically purge unneeded data that may contain personal information of EU data subjects.

    Ready to Learn More?
    For companies navigating complex information governance and eDiscovery requirements, including those involving M365, the  X1 Enterprise Platform ensures compliance while protecting privacy. By implementing X1 Enterprise, organizations can not only reduce costs and save valuable time but also gain a strategic advantage in managing their information governance needs. For a demonstration of the X1 Enterprise Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/solutions/x1-enterprise-platform.

Leave a comment

Filed under Best Practices, Case Study, Cloud Data, compliance, Data Audit, eDiscovery & Compliance, GDPR, Information Governance, Information Management, law firm, m365, Preservation & Collection

Tagged as , , , , , , , , ,

December 17, 2024 · 11:06 AM

Inactive Mailboxes, Unlocked: How X1 Enterprise Transforms M365 Data Discovery and Compliance

By Chas Meier and John Patzakis

In today’s compliance-driven environment, organizations must retain, discover, and manage large volumes of email data—even when the employees who once owned that data have long since departed. In Microsoft 365 (M365), this is managed through the concept of “inactive mailboxes.” An inactive mailbox is a mailbox that remains accessible for legal, regulatory, or compliance reasons, but no longer corresponds to an active user. While these preserved data stores are critical for eDiscovery, compliance, and investigations, they can pose significant challenges when it comes to efficiently locating, searching, and collecting the information they contain.

Fortunately, the latest innovations from X1 Enterprise are transforming how organizations handle these inactive mailboxes, making it easier and more streamlined than ever to discover and collect critical information—no matter where it resides.

What Are Inactive Mailboxes in M365?
Inactive mailboxes are mailboxes retained after a user leaves an organization, even after their license is removed. By placing a mailbox on legal hold or under a retention policy before deprovisioning the user, you can preserve it indefinitely without incurring licensing costs. This ensures the data remains accessible for compliance and eDiscovery. Best practices include applying holds before removing accounts, treating inactive mailboxes as part of ongoing governance efforts, and lifting holds once no longer needed.

The Process of Searching Inactive Mailboxes in Purview
In Microsoft Purview (the compliance and security center for Microsoft 365), users granted the eDiscovery manager role and each provisioned with an E5 license can search across both active and inactive mailboxes to fulfill legal or regulatory requirements. Generally, the process involves:

  1. Identifying the Inactive Mailboxes: Administrators must first know which mailboxes are inactive. Inactive mailboxes do not appear in the standard active user lists and often require additional steps to locate—either through the Purview interface, the Microsoft 365 admin center, or by running PowerShell scripts.
  2. Setting Up Permissions and Scope: The person performing the search needs appropriate eDiscovery roles in Purview. Once permissions are granted, they create a new content search or eDiscovery case and include the specific inactive mailboxes in the scope.
  3. Applying Search Criteria: Administrators can filter the search by date, keywords, sender/recipient, or other criteria. After running the search, Purview indexes the content and returns results for review and export.

Why Users Find It Challenging
Users face significant challenges when searching inactive mailboxes due to limited visibility—these mailboxes do not appear with active ones, requiring extra effort to locate and include them. Additionally, complex eDiscovery and compliance roles can be difficult to manage, particularly in organizations with large teams or complicated approval processes. A lack of a unified interface means working across multiple portals, tools, or scripts, leading to a fragmented and easily mismanaged workflow. Finally, without an intuitive, consolidated process, adding inactive mailboxes into search scopes, running queries, and ensuring data completeness is time-consuming and more prone to errors.

As organizations scale and accumulate thousands of these mailboxes, these difficulties multiply. Managing a vast, growing inventory of inactive mailboxes transforms a cumbersome task into a formidable burden, slowing down investigations, audits, and regulatory responses, and increasing the risk of overlooking critical data.

Many organizations resort to re-hydrating inactive mailboxes by applying an active M365 license to each one (“throwing licensing”), copying all M365 mailboxes of departed employees in a separate non-Microsoft archive (“throwing archiving”), or bringing inactive mailboxes into the litigation workflow (“throwing services”) to address the problem when faced with eDiscovery requests. Each of these approaches is extremely expensive, burdensome, and fraught with risk.

Driving the Transformation of Inactive Mailboxes through New Capabilities
X1 Enterprise has long been a trusted solution for comprehensive and targeted search across M365 data sources, file servers, and endpoints. With the new release of X1 Enterprise version 5.3, X1 is taking an industry-leading step forward in how organizations manage and leverage their inactive mailboxes.

How X1 Enterprise Revolutionizes Inactive Mailbox Management:

  • Unified Discovery Experience: With X1 Enterprise 5.3, legal and compliance professionals can now select inactive mailboxes directly within the platform. Instead of treating inactive mailboxes as separate or isolated repositories, X1 provides a consistent, familiar interface—just like working with active mailboxes.
  • Centralized Indexing and Search: Once selected, inactive mailboxes can be staged, indexed, searched, and collected using the same intuitive workflows. This streamlines eDiscovery, ensures rapid insights, and reduces the administrative burden on IT and compliance teams.
  • Seamless Integration with Microsoft Purview: X1 Enterprise automatically discovers and presents your full list of inactive mailboxes stored in Microsoft Purview (formerly Office 365 Security & Compliance Center) using only a single E5 license. This direct integration ensures that all preserved mailboxes are readily visible and actionable.
  • Consistent Identification and Collection Workflows: By applying the same workflows to both active and inactive mailboxes, X1 Enterprise eliminates confusion and complexity. The result is a more efficient and effective approach to responding to legal requests, regulatory audits, and internal investigations.

Benefits of the New Approach:

  1. Faster Response Times: Legal and compliance teams can rapidly identify and collect relevant information from inactive mailboxes without reinventing the wheel for each scenario.
  2. Improved Efficiency: In-place indexing and targeted searching with X1 Enterprise reduces administrative overhead and streamlines processes without the need to “boil the ocean,” thereby vastly reducing licensing costs with no need for 3rd party services or archiving platforms.
  3. Reduced Risk: Consistent workflows lower the chance of missing critical data or mismanaging preserved mailboxes.
  4. Enhanced Transparency: Having a clear, uniform process for both active and inactive mailboxes bolsters your overall information governance framework.

In Conclusion: Embrace the Future of Inactive Mailbox Management
Inactive mailboxes are here to stay, as legal and regulatory requirements continue to mandate the preservation of key business communications. Instead of viewing these repositories as a burden, forward-thinking organizations can leverage advanced technologies like X1 Enterprise 5.3 to take control of their compliance landscape.

Ready to Learn More?
The X1 Enterprise Platform is available now from X1 and its global channel network in the cloud, on-premises, and with our services available on-demand. For a demonstration of the X1 Enterprise Platform, contact us at sales@x1.com. For more details on this innovative solution, please visit www.x1.com/solutions/x1-enterprise-platform.

Leave a comment

Filed under Best Practices, Cloud Data, Corporations, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Governance, Information Management, m365, Preservation & Collection

Tagged as , , , , ,

November 19, 2024 · 11:47 AM

Industry Experts Address Information Governance Challenges in Microsoft 365

By John Patzakis

Successful information governance in a Microsoft 365 environment can be extremely challenging. Organizations require ways to operationalize their compliance processes, in order to effectively address their information governance use cases, such as PCI compliance, ROT, Data separation, and GDPR. However, Microsoft’s Purview eDiscovery platform is a very expensive add-on to M365 that does not scale to the data throughput requirements of a typical information governance project.

This is because M365 is a massive data ocean that is not purpose-built for compliance and eDiscovery, and so a new “compliance index” must be created with data carved out of the M365 ocean to initiate an eDiscovery or compliance case in Purview eDiscovery to ensure proper and complete content indexing. As a result of this disjointed two-step process, users are encountering significant problems with low throughput and defensibility. Many customers report to us that Microsoft Purview Premium’s documented inability  to handle anything other than small matters due to their 2GB per hour throughput limit. A matter involving 100 custodians at 10GB of M365 data would take several weeks to complete with Microsoft Purview Premium.

Last week X1 hosted a webinar with industry leaders Randy Kahn and Chas Meier to discuss information governance challenges in an M365 environment. Kahn outlined information governance principles and priorities in general and then emphasized how technical automation is essential to enforce and execute on any implemented information governance policies and procedures.

Kahn’s overview segued into Meier’s discussion and demonstration on how the X1 Enterprise Platform is the best solution available for managing M365 data sources as well as on-premises sources like laptops and file shares. Meier highlighted recent case studies involving large-scale projects where X1 was able to search and analyze terabytes of M365 information very accurately and in a fraction of the time required for other means, including Microsoft Purview.

Meier explained how the X1 Enterprise platform’s unique architecture allows it to index nearly ten times the daily volume compared to Purview or other competitive “connector” technologies. X1’s patented distributed micro-index-in-place architecture, combined with horizontal scaling, makes X1 the only solution capable of handling rapid indexing, identification, searching, and remediation of massive data sets in the terabytes across M365 sources, including modern attachments and inactive mailboxes. Additionally, X1 effectively addresses both cloud and on-premises data sources in a unified manner, including distributed endpoints, network file shares, and multiple M365 services like Mail, OneDrive, Teams, and SharePoint.

A copy of the webinar recording can be accessed HERE.

For companies navigating complex information governance and eDiscovery requirements, including those involving M365, the  X1 Enterprise Platform ensures compliance while protecting privacy. By implementing X1 Enterprise, organizations can not only reduce costs and save valuable time but also gain a strategic advantage in managing their information governance needs. We invite you to explore how X1 can transform your data management processes and help you stay ahead in the ever-evolving digital landscape.

Leave a comment

Filed under Best Practices, Corporations, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, GDPR, Information Governance, m365, Preservation & Collection

Tagged as , , , , , , , , , , , , ,